(54) Title: PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM



(57) Abstract 

A secure computer controlling access to data storage devices via a card reader. A microprocessor-controlled card reader interface logically connected to the card reader and the central processing unit (CPU) of the computer reads and writes information from and to a card placed in the card reader and performs additional functions in response to commands received from the CPU. The card reader interface includes an encryption engine for encrypting data in a data storage device and a boot ROM containing verification program code executed during an initialization procedure. The verification program verifies that a valid user card has been placed in the card reader, reads one or more questions from the user card, asks the questions of the user and verifies the answers against the contents of the card. If authorization is verified, the card reader interface permits the user to access the encrypted data. Otherwise, the user is denied access to the data by one or more of the following methods: freezing the system bus, and requiring the user to reset the computer and re-enter the verification program; logically destroying the data in the data storage devices; and physically destroying the data storage devices.



[Figure: block diagram with blocks labelled Physical Destruct, Hard Drive Controller Logic, CPU, IC Card, Processor, Control ASIC, Battery, CE, ROM and Hard Drive.]






WO 95/24696

PCT/US95/02579

PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM

Technical Field of the Invention

The present invention pertains generally to computer security systems, and more particularly to a microprocessor-controlled system for controlling user access to and dissemination of secure data stored in a secure computer.

Background of the Invention

There has been an enormous increase in the use of computers for processing and storing sensitive information in a wide variety of commercial and government applications. Computer systems have evolved from large systems with restricted access to small systems which may be portable and easily accessed by several users. As components have become more easily accessible and as demand for easy computer access has spread, there has arisen a greater need for the protection of sensitive data.

One method for securing access to computer systems is to restrict the physical access to the computer system; however, such restriction is inefficient for typical computer system installations which favor shared access and increased portability. The cost of securing computer systems by restricting physical access is also prohibitive.

Another method for providing security of sensitive data is to use a program to restrict access to the computer system. However, this method has drawbacks. For instance, an unauthorized user can often bypass the security program or routines which invoke the security program to gain access to the computer system. Even if the security program proves to be difficult to bypass, the unauthorized user can simply remove the information stored in the computer by removing the memory or monitoring the data bus. For example, a hard drive could be removed from the computer and installed in another computer to read the contents of the hard drive.

To prevent such unauthorized access and retrieval of sensitive information, sensitive data may be destroyed either logically or physically. Logical destruction requires that any data destroyed be unintelligible to another user after the destruction process has taken place. The storage media will typically still be reusable. An example of a logical destruction program is a program which erases the sensitive files on a hard drive when an unauthorized access is detected. Physical data destruction, on the other hand, requires catastrophic destruction of the storage media to ensure that the contents in the storage media are irretrievably lost.

In some applications the program destroying the logical data fails to completely destroy the data and advanced data retrieval techniques may be employed to recover traces of logically destroyed information. For example, information on a hard drive of a computer may be recovered by methods which detect previously written and erased binary words from magnetic remnants of the words. If the logical destruction methods are only partially effective, physical destruction techniques may also be required to ensure that the data is destroyed and cannot be recovered.

It may be desirable to restrict access to particular peripheral devices on a computer or workstation, rather than restricting
entire computer system. Modern computer
such restricted access.

Therefore, there is a need in the art for a computer security system which prohibits unauthorized access and which is not vulnerable to bypass yet maintains the portability and flexibility inherent in a modern computer system. There is a further need to provide complete protection of sensitive data such that the data may not be recovered by bypassing the data protection system or by physical removal of data storage devices. Finally, the system must also provide complete destruction of sensitive data to prevent retrieval of data traces.

Summary of the Invention

To overcome these and other shortcomings and limitations in the art which will become apparent to those skilled in the art upon reading and understanding the following detailed description, the present invention provides a system for controlling access to sensitive information on a computer without compromising the security of sensitive data. The present invention restricts computer access to authorized users. In addition, it detects attempts to imitate an authorized user to gain access. Further, the present invention provides for configurable logical and physical destruction of sensitive data, and provides means for adjusting the threshold requirement for destruction and the level of destruction to suit the degree of security required for the information stored on the computer. Finally, the present invention provides a means, under the control of a centralized authorization security administrator, for limiting access to portions of the overall computer system depending on the access privileges configured for each individual user.

In one embodiment of the present invention, a microprocessor-controlled card reader interface logically connected to the CPU of the computer reads and writes information from and to an integrated circuit card ("card" or "smart card") placed in the card reader. The information read is presented to the CPU to determine whether the user is authorized to use the computer; the CPU then specifies which peripherals the user is authorized to access. A card reader interface board logically connected to the data and address buses of a computer monitors the address bus of the computer and restricts access to the data storage devices and configurable ports in the system and executes a special verification program to verify authorization of the user.

According to one embodiment of the present invention, when a valid user card is placed in the card reader one or more questions are read from the card and displayed to the user. The user's responses are compared to the correct answers stored on the card and, if the responses match the correct answers, the CPU is allowed to access all peripherals the user has been authorized to use. Computer security is improved by coordinating identification information received from the card, user, and computer RAM to ensure proper verification. The system requires that the same card, user, and computer be used to control access.

In one embodiment of this invention, the system provides for a method of initializing and authorizing a user card with a security administrator card. Upon a valid security administrator card being placed in the card reader, a security administrator initializes and authorizes one or more individual user cards by selecting from a list of menu options displayed to the security administrator. The security administrator inputs a list of questions and answers which are then stored on the user card for use during the verification procedure.

In one embodiment of the present invention, the system provides for a hierarchy of access privileges by encoding access codes directly on the card which allow users with superior access privileges to access data on computers of users with inferior access privileges. The same coding system prevents the users with inferior access privileges from accessing computers of those with superior access privileges.

In one embodiment of the present invention, the system provides for the physical or logical destruction of data in response to unauthorized attempts by a user to violate the physical or logical integrity of the computer system. The physical and logical destruction of data may be disabled for maintenance or configuration purposes by use of a maintenance card.

The preceding and other features and advantages of the invention will become further apparent from the detailed description that follows. This description is accompanied by a set of drawing figures. Numerals are employed throughout the written description and the drawings to point out the various features of this invention, like numerals referring to like features throughout.

Brief Description of the Drawings

In the drawings, where like numerals describe like components throughout the several views:

FIGURE 1A is a perspective view of a first embodiment of a secure computer system implemented according to the present invention;

FIGURE 1B is a block diagram showing the high-level architecture of a first embodiment of a secure computer system implemented according to the present invention;

FIGURE 1C is an electrical block diagram showing the microprocessor-controlled card reader interface for a first embodiment of a secure computer system according to the present invention;

FIGURE 1D is a perspective view of a second embodiment of a secure computer system implemented according to the present invention;

FIGURE 1E is a perspective view of a third embodiment of a secure computer system implemented according to the present invention;

FIGURE 2A is a block diagram of a computer system with a hard drive and interface board;

FIGURE 2B is a block diagram showing how a computer system with hard drive is modified to create a secure computer system according to a second embodiment of the present invention;

FIGURE 3 is a block diagram showing the high level architecture of a secure computer system according to a second embodiment of the present invention;

FIGURE 4 is a block diagram showing the high level architecture of one embodiment of the control ASIC shown

FIGURE 5 shows a block diagram illustrating the operation of one embodiment of the data steering network shown in FIGURE 3;

FIGURE 6 is a block diagram showing the loader program and verification program resident in the read only memory (ROM) of one embodiment of the card reader interface board of FIGURE 3;

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing program steps taken to initialize and execute the security portion of a secure computer system program according to the present invention;

FIGURE 8 is a block diagram showing a hierarchy of access for users of a secure computer system; and

FIGURE 9A and FIGURE 9B illustrate a pictorial display of one embodiment of a mounting scheme used to co-locate a card reader and hard drive.

Detailed Specification of the Preferred Embodiments

In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. It is to be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention.

FIGURE 1A shows the components of a computer system to be secured with a card reader interface according to a first embodiment of the present invention. This embodiment was shown in U.S. Patent No. 5,327,497, issued July 5, 1994, by Mooney, et al. The computer system includes a keyboard 101 by which a user may input data into the system, a computer chassis 103 which holds electrical components and peripherals, a screen display 105 by which information is displayed to the user, and a pointing device 107, the system components logically connected to each other via the internal system bus of the computer. A card reader 111 is connected to the secure computer system via card reader interface board 109. The preferred card reader 111 is an Amphenol® "Chipcard" acceptor device, part number 702-10M008 5392 4794, which is compatible with International Standards Organization (ISO) specification 7816, although one skilled in the art would readily recognize that other card reader devices which conform to ISO 7816 may be substituted.

In order for the computer system to be secured, a card reader interface is integrated into the computer system in a manner similar to that as revealed in FIGURE 1B. A card reader interface board 109 contains a microprocessor 116 connected to the CPU of the computer via a second data bus 117, connected to RAM 127 via a third data bus 131, and connected to the card reader 111 via a fourth data bus 133. The interface board 109 is typically implemented with printed circuit board technology, although other equivalent technologies may be substituted without loss of generality. Peripherals 121 within computer 103 are controlled by the CPU 123 and PLD 129 with a power control circuit 119, which turns power off and on to peripherals 121. A system boot ROM 126 is logically connected to the CPU 123 to start executing a non-volatile program contained in PLD 129 upon initialization of the computer during power-up, clear, or warm-boot reset.

An IC card 115 is used in conjunction with card reader 111. The preferred card 115 is a MICRO CARD® or GEMPLUS® card (for example, Scot 100, TB100, or COS IC cards), which is compatible with ISO 7816. By conforming to this standard, the card 115 enables the support of Data Encryption Standard (DES) data encryption and decryption functions. One skilled in the art would readily recognize that other cards which conform to this standard and provide data encryption and decryption functions may be substituted. The ability to encrypt and decrypt data is important, since the present invention is designed to ensure that unencrypted sensitive data does not reside in the CPU where it could be read by an unauthorized user.

The preferred card 115 is a MICRO CARD® or GEMPLUS® card (for 
exanple, Scot 100, TBIOO, or COS IC cards), vAnch is conpatible widi ISO 
7816. By conforaiing to this standard, the card 115 mables the support of 
Data Enayption Standard (DES) data enoyption and decryption functions. 

10 One skilled in the art would readily recognize that otl»- cards v^di conform 
to this standard and provide data enoyption and decryption functions may be 
substituted The aUlity to enoypt and deoypt data is inpirtant, since the 
present invention is designed to ensure that unenoypted sensitive data does 
not reside in tiie GPU vAiae it could be read by an unauth(»ized user. 

The schematic for card reader interface 109 is described in greater detail in FIGURE 1C. Microprocessor 116 is powered by circuit 135, and controls system functions via connections to the system data bus 125. System resets are initiated by clear line 137. Validation and authorization information is transferred between the microprocessor 116 and RAM 127 via the third data bus 131 in conjunction with address or data select line 141, strobe line 143, and chip select line 145. Backup power is provided for RAM 127 by a +5 volt lithium battery 139.

The microprocessor 116 communicates with system data bus 125 as a serial communications device using CTS line 147, DTR line 149, 10 MHz clock line 151, serial data out line 153, and serial data in line 155. A separate 3.5 MHz clock line 157 is used to provide a clock signal to PLD 129, which is used by the microprocessor 116 for card reset control via line 159, card serial data control via line 161, and card interrupt control via line 163. The PLD 129 in turn connects to the card via card serial data contact 177, card clock contact 179, and card reset contact 181.

Microprocessor 116 also has the ability to control the physical destruction of data within the computer system via line 165. A physical destruction device may be triggered using line 165 as a de^
example line 165 may be connected to a mechanism containi^
solution which is sprayed onto a hard disk cori^ in the secure
system when an unauthorized user attempts to violate the physical or logical integrity of the computer system. Several destruct mechanisms are taught in the prior art, and one of ordinary skill in the art would recognize that other equivalent destruction chemicals and mechanisms may be substituted without loss of generality.

The microprocessor 116 uses power control line 173 with switch 171 and +5 volt relay 175 to provide power to the card via card logic voltage supply contact 183 and card programming contact 187. The card is grounded via card ground contact 185, and detected by applying power through card detect power contact 191 to microprocessor 116 by
contact 189. Card contacts 193 and 195 and line 197 are reserved for future use.

FIGURE 1D shows the components of a second embodiment of a secure computer system according to the present invention. Secure computer system 100 includes a keyboard 101 by which a user may input data into the system, a computer chassis 103 which holds electrical components and peripherals, a screen display 105 by which information is displayed to the user, a secure hard drive 113, and a pointing device 107, the system components logically connected to each other via the internal system bus of the computer. A card reader 111 is connected to the secure computer system via card reader interface board 109. As in the first embodiment, the preferred card reader 111 is an Amphenol® "Chipcard" acceptor device, part number 702-10M008 5392 4794, which is compatible with International Standards Organization (ISO) 7816 specifications. One skilled in the art would readily recognize, however, that other card reader devices which conform to ISO 7816 may be substituted. FIGURE 1D shows card reader 111 and secure hard drive 113 co-located in a single peripheral bay. Other mounting techniques are available, however, which would not modify the scope of the present invention, for example, positioning card reader 111 externally as shown in FIGURE 1E.

FIGURES 2A and 2B illustrate the modifications required of a standard personal computer system 705 in order to create a secure computer system 100 according to the present invention. FIGURE 2A is a simplified block diagram of a computer system 705 commonly found in the prior art. Central processing unit (CPU) 290 is connected to dedicated hard drive controller logic 710 which serves as an interface for the computer system to hard drive 113. Typically, hard drive controller logic 710 is a printed circuit board which is installed in the backplane or integrated into the motherboard of computer 100, and hard drive controller logic 710 is connected to hard drive 113 using a multiconductor cable 720. Hard drive 113 may be mounted externally to computer 705, or internally.

FIGURE 2B shows how the standard personal computer 705 is converted to a secure computer system according to one embodiment of the present invention. In FIGURE 2B, secure computer system 100 is formed by adding integrated circuit (IC) card 115 and attaching card reader 111, cable 730, and card reader interface board 109 to system 705. Card reader 111 may be added to the system by removing cable 720 from hard drive 113 and connecting it to card reader interface board 109, then connecting card reader 111 to card reader interface board 109 via cable 731. Hard drive 113 is connected to card reader interface board 109 using cable 730.

Card reader 111 acts in concert with card reader interface board 109 to limit access to sensitive data stored both on hard drive 113 and card reader interface board 109. Integrated circuit card 115 is preprogrammed with information used to verify that the user is authorized to access the sensitive data stored on hard drive 113. Security for sensitive data stored on hard drive 113 is provided by requiring a minimum of three distinct sources of authorization verification information in order to access the sensitive data. In order to gain access to the sensitive information stored on hard drive 113, both card 115 and card reader interface board 109 must present proper identification information and the user must enter a series of predetermined answers to a series of predetermined questions. If any of the sources of identification information is incorrect, board 109 may prevent access to secure computer system 100 by freezing the system bus 292 (requiring cycling of the system power to reset secure computer system 100), logically destroying any sensitive data on the system, or physically destroying storage devices containing sensitive information.

The details of one embodiment of the present invention will be specified in greater detail using the following figures. FIGURE 3 is a detailed electrical block diagram of the secure computer system 100 of FIGURE 2B, showing connections between card reader interface board 109, card reader 111, secure hard drive 113, and central processing unit (CPU) 290. In the present invention, independent, dedicated data buses are employed such that card reader interface board 109 communicates with card reader 111 via card reader bus 225, hard drive 113 via hard drive bus 272, and CPU 290 via hard drive controller logic 710 and system bus 292. (Hard drive bus 272 is analogous to cable 730 of FIGURE 2B and system bus 292 is analogous to cable 731 of FIGURE 2B.) The utilization of independent dedicated data buses for communications with card reader 111, hard drive 113, and CPU 290 decreases the chances for retrieval of sensitive data and encryption information, since system bus 292 transfers only unencrypted data to the computer system from card reader interface board 109. An unauthorized intruder would have to monitor all three buses to attempt to decipher the encryption codes used and the method by which the security system interacts with the computer system.

FIGURE 3 also shows the interconnections of the components on card reader interface board 109. In one embodiment, the card reader interface board 109 contains a Zilog Z86C6116 processor 220 for controlling data transfer between card reader 111, hard drive 113, and CPU 290. The Z86C6116 is an 8-bit data bus, 16-bit time-multiplexed address bus microprocessor specified in the Zilog Z8 Microcontrollers Book, 1X23^ (1993), which is incorporated herein by reference. Other microprocessors may be readily substituted without materially affecting the scope of the present invention.

Processor 220 controls the transfer of data on card reader interface board 109 by issuing commands to control ASIC 230. Control ASIC 230 acts as "glue logic," under control of processor 220, coordinating the operation of data steering network 240, cipher engine 270, and processor 220 to control information transfer between CPU 290, RAM 260, and hard drive 113.

Data steering network 240 is an 8-bit controllable input and output port circuit designed to allow processor 220 to communicate with RAM 260 and cipher engine (CE) 270, but to prevent unauthorized access by a user controlling system bus 292 to retrieve data from RAM 260. FIGURE 5 is a block diagram showing the operation of the data steering network 240. Data steering network 240 essentially operates as an 8-bit wide bidirectional parallel multiplexer which limits data transfer from processor 220 to RAM 260, or alternatively to CE 270 (and, therefore, potentially to system bus 292 if port A 274 and port C 278 of CE 270 is connected). Attempts to read information from the address space assigned to RAM 260 which originate from the system bus 292 are impossible, since RAM 260 is logically isolated such that no address space exists from system bus 292 to access RAM 260.

Returning to FIGURE 3, in one embodiment cipher engine (CE) 270 is an 8-bit NSA certified DES encryption engine meeting specification DES 3. Such a device is manufactured by Computer Elektronik as part number CE99C003. Further information detailing the operation of that embodiment of CE 270 may be found in CE Infosys 99C003 Data Sheet Version 1.01.

CE 270 is controlled by processor 220 via data steering network 240 by commands received at port C 278. CE 270 may be instructed by processor 220 to provide a data path between port C 278 and port A 274 (no encryption) or between port A 274 and port B 276 (DES encrypted data output from port B 276, and nonencrypted data from port A 274). During system initialization a data path between data steering network 240 and system bus 292 is created using port C 278 and port A 274 whereby nonencrypted data can be transferred under control of processor 220 to system bus 292 via hard drive controller logic 710. Once user authorization is verified and there are no pending security violations detected, CE 270 uses a key to DES encrypt data transmitted by port B 276 to hard drive 113. Similarly, CE 270 deciphers encrypted data from hard drive 113 and presents it to system bus 292 via hard drive controller logic 710 when port A 274 to port B 276 channel is allowed. One skilled in the art would readily recognize that other cipher engines which conform to the above-mentioned standards and support data encryption may be substituted without materially modifying the spirit and scope of the present invention.

RAM 260 is subdivided into secure and open segments by memory mapping the secure segments such that they are accessible only to processor 220. This prevents both accidental and intentional loss of secure information from the RAM 260 to the system bus 292. RAM 260 is addressable only by processor 220 and contains DES base kernel key encryption information and answers to verification questions retrieved from card 115 by processor 220. The open portion of RAM 260 contains the verification questions retrieved from card 115 and other nonsensitive data.

As can be seen in FIGURE 6, ROM 280 contains loader program code 610 and verification program code 620 used by the CPU 290 upon initialization to load and execute the verification program. Since standard BIOS routines attempt to boot from the C: drive, the use of ROM 280 in concert with processor 220 and control ASIC 230 to simulate a drive allows the present invention to be used in the standard IBM compatible personal computer without having to modify the system BIOS (basic input/output system).

Card 115 is used with card reader 111 under control of processor 220 to provide the computer system 100 with information concerning DES key encryption, verification questions and answers, user access privilege level, expiration date, origin of card issuance, and card usage history. As in the first embodiment, the preferred card 115 is a MICRO CARD® or GEMPLUS® card (for example, Scot 100, TB100, or COS IC cards), which is compatible with ISO 7816. One skilled in the art would readily recognize that other IC cards which conform to this standard and provide data encryption and decryption functions may be substituted without materially modifying the spirit and scope of the present invention.

LOGICAL & PHYSICAL DESTRUCT HARDWARE

Control ASIC 230 also monitors attempted unauthorized retrieval of data from the protected storage devices and presents information to processor 220 if control ASIC 230 detects an attempted unauthorized access. Processor 220 monitors signals from the control ASIC 230 and commands control ASIC 230 to issue a command to either logically or physically destroy protected information in RAM 260 or secure hard drive 113. Logical destruction of data on the RAM 260 is accomplished by asserting trigger signal 211 emanating from processor 220, clearing the contents of RAM 260. Logical destruction of the sensitive data on hard drive 113 follows naturally, since the DES encryption key synthesis information is destroyed when the RAM 260 data is destroyed, and, without the DES key, the information on hard drive 113 is logically irretrievable. Physical destruction of data can also be accomplished by asserting physical destruct signal 212 emanating from processor 220, as a means of triggering a physical destruct package 213. As in the first embodiment, several physical destruct packages are disclosed in the prior art, such as a ferric chloride spray or plastic explosive package.

Card reader interface board 109 also contains an extra defense against physical tampering. In one embodiment, a transistor circuit 210 is used to rapidly erase the contents of dynamic RAM 260. In such an embodiment, circuit 210 grounds the power pin of RAM 260 to erase the contents of RAM 260. In normal operation, trigger signal 211 is not asserted, thereby allowing the collector of transistor circuit 210 to remain at a voltage of approximately Vcc. In this mode of operation RAM 260 is powered by the supply voltage Vcc whereby current travels through diode 261 and fuse 263 to RAM 260. If power is interrupted the battery 200 provides current to RAM 260 through diode 262 and fuse 263.

When the trigger signal 211 is asserted (by processor 220) the collector of npn transistor 210 is forced to a low voltage and current flowing through diode 261 is sufficient to burn the fuse 263, thereby allowing the Vcc terminal of RAM 260 to drop to zero volts and erasing the logical contents of RAM 260. Alternatively, if the battery 200 is supplying RAM 260 with current, the trigger signal 211 will cause sufficient current to flow through fuse 263 to burn fuse 263, and again, the voltage at the Vcc terminal of RAM 260 will drop to zero volts and erase the logical contents of RAM 260. Processor 220 can initiate the logical destruct feature if control ASIC 230 alerts processor 220 that an unauthorized access is being attempted.

The logical and physical destruct mechanisms described provide
several different levels of data security. In one embodiment of the present
invention there are five selectable security levels:

1) Freeze the computer system bus, requiring a "cold boot"
(power off and then on or "reset");

2) Alter the contents of the integrated circuit card so that
the card must be updated to be authorized for another session;

3) Clear RAM 260 of the stored kernel for the encryption
key;

4) Logical destruction of RAM 260 memory, requiring
reinitialization of RAM 260 before another session may be performed on the
computer system; and

5) Physical destruction of computer system memory.

Other security levels are possible and those skilled in the art will recognize
that combinations of these levels of security are possible without departing
from the scope and spirit of the present invention.

INTERFACE BOARD CONTROL & COMMUNICATIONS

Activities on the card reader interface board 109 are
coordinated in part by code "burned into" an internal ROM in processor 220
and in part by execution of an authorization verification program as detailed
below. This allows processor 220 to respond to commands issued by CPU
290 during the authorization verification program execution, yet maintain
security of sensitive data on card reader interface board 109 by acting as a
dedicated controller of sensitive DES encryption data and authorization data.
Processor 220 communicates with control ASIC 230 to control data steering
network 240 and ROM 280, and controls CE 270 using commands issued on
bus 222 to CE 270 via data steering network 240. Processor 220 is solely
responsible for communications with card reader 111, which enhances the
overall security of the present invention since sensitive data is not placed on
the system bus 292 where it is vulnerable to retrieval.

Control ASIC 230 is connected to ROM 280 and data steering
network 240 using bus 223 and is also connected to the monitor and freeze
control lines of CPU 290 which allows control ASIC 230 to "freeze" system
bus 292 upon demand by freezing the system bus 292 if a prohibited access is
detected over the monitor lines. Control ASIC 230 sends a signal to
processor 220's INT interrupt 221 when it freezes system bus 292 to inform
processor 220 that the bus was frozen, since processor 220 is not connected to
system bus 292.

Control ASIC 230 contains a counter (not shown) which counts
the number of "sectors" retrieved from ROM 280 during boot and loading
functions (described below) to simulate a hard drive interface to CPU 290.
Processor 220 is notified by control ASIC 230 when the last byte of program
information is read from ROM 280 by CPU 290. Cipher Engine 270 routing
is controlled by signals from processor 220 to control ASIC 230, and may be
programmed to connect port A 274 to port C 278 to allow processor 220 to
communicate with system bus 292 (and CPU 290), or connect port A 274 to
port B 276 to allow CPU 290 to communicate with hard drive 113 once
security conditions have been satisfied, as detailed below.

FIGURE 4 is a block diagram of the fundamental components
of control ASIC 230. Control ASIC 230 includes a control register 950 with
bits assigned for the control of data steering network 240 and ROM 280 via
control port (CP) 910. These bits control whether bus 222 is connected to
RAM 260 or CE 270 via data steering network 240. Similarly, the control
bits assigned to the control of ROM 280 assist in the simulation of a C: drive
during the BIOS initialization which is detailed below. Control register 950 is
programmed by instructions from processor 220, and the status of the control
bits may be determined by reads from processor 220 of status register 960 via
processor port 980. INT port 900 is also connected to the control and status
registers, and indicates when the system bus 292 is "frozen" when a security
violation is detected as described above.

In one embodiment of the present invention, processor 220
programs registers (not shown) in bus address monitor 930 by transmitting
mask words to these registers via processor port 980. Each mask word
comprises a programmable template identifying authorized peripherals for the
particular user as defined by the card 115 when issued by the security
administrator during the authorization visit, described below in the
SECURITY ADMINISTRATOR AUTHORIZATION VISIT section. Control
ASIC 230 is connected to system bus 292 (as shown in FIGURE 3) via bus
port 920, and can therefore monitor the attempted accesses on system bus 292
and compare them with the templates stored in bus address monitor 930 using
combinational logic 940 to determine if an unauthorized peripheral access has
been attempted. If an unauthorized peripheral access is attempted one
embodiment of the present invention will freeze the system bus 292; secure
computer system 100 remains unusable until a power cycle of computer 100
(to reset computer 100) is performed. Port 920 of control ASIC 230 is
connected to hard drive controller logic 710, as shown in FIGURE 3, in order
to control access to hard drive 113 in a manner known to those skilled in the
art.

Bus address monitor 930 monitors system bus 292 references to
peripheral devices such as serial and parallel ports, networks, and A or B
floppy disks. Bus address monitor 930 monitors normal BIOS references
during initialization, such as reset, warm, or power-up boot, and monitors to
detect attempted prohibited accesses to denied peripheral devices as defined
on card 115 during the authorization visit (see SECURITY
ADMINISTRATOR AUTHORIZATION VISIT section below).
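
The template comparison performed by the bus address monitor can be modeled in software as a default-deny allowlist with a latched freeze. The following C sketch is an added example, not code from the patent; the mask/match encoding of a mask word, the structure and function names, and the sample port ranges (conventional PC I/O addresses) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed mask-word encoding: an I/O access is authorized when
 * (addr & mask) == match. The page does not give the real format. */
struct mask_word { uint16_t mask, match; };

#define MAX_TEMPLATES 8

struct bus_monitor {
    struct mask_word allowed[MAX_TEMPLATES];
    size_t count;
    bool frozen;       /* latched: only a power cycle clears it */
    bool int_pending;  /* models the INT line to the board processor */
};

/* Power cycle: templates are lost and must be reprogrammed after a new
 * verification run; with no templates every access is denied. */
void monitor_power_cycle(struct bus_monitor *m)
{
    memset(m, 0, sizeof *m);
}

/* The board processor writes one template through the processor port. */
bool monitor_program(struct bus_monitor *m, uint16_t mask, uint16_t match)
{
    if (m->frozen || m->count == MAX_TEMPLATES)
        return false;
    m->allowed[m->count].mask = mask;
    m->allowed[m->count].match = (uint16_t)(match & mask);
    m->count++;
    return true;
}

/* Called for every peripheral access seen on the system bus.
 * Returns true if the access may proceed. */
bool monitor_observe(struct bus_monitor *m, uint16_t io_addr)
{
    if (m->frozen)
        return false;
    for (size_t i = 0; i < m->count; i++)
        if ((io_addr & m->allowed[i].mask) == m->allowed[i].match)
            return true;
    m->frozen = true;      /* unauthorized access: freeze the bus ... */
    m->int_pending = true; /* ... and tell the processor why */
    return false;
}

/* Constructed sample profile: hard drive controller and first serial port
 * are authorized; everything else (floppy, parallel port) is denied. */
void load_sample_profile(struct bus_monitor *m)
{
    monitor_power_cycle(m);
    monitor_program(m, 0xFFF8, 0x01F0); /* 0x1F0-0x1F7 hard drive controller */
    monitor_program(m, 0xFFF8, 0x03F8); /* 0x3F8-0x3FF first serial port */
}

int main(void)
{
    struct bus_monitor m;
    load_sample_profile(&m);
    printf("hard drive access allowed: %d\n", monitor_observe(&m, 0x01F0));
    printf("floppy access allowed:     %d\n", monitor_observe(&m, 0x03F2));
    printf("bus frozen afterwards:     %d\n", m.frozen);
    return 0;
}
```

Because the freeze is latched, an authorized access that follows the violation is refused as well, which matches the requirement that the computer stay unusable until it is power cycled.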
DATA STEERING NETWORK 

Data steering network 240 is shown in a simplified block
diagram in FIGURE 5. Data steering network 240 essentially acts as a
bidirectional, eight bit parallel, steerable data channel. Control ASIC 230 can
control whether the eight bit bus 222 from processor 220 is connected to
RAM 260 or CE 270 by decoding the address on bus 222 and selecting input
20 of the data steering network 240. Control ASIC 230 can also disable the
data steering network 240 by toggling enable input 30 of data steering
network 240. This operation also ensures that CE 270 is never directly
connected to RAM 260 via data steering network 240, adding to the
protection of data stored in RAM 260.
TYPES OF CARDS AND THEIR FUNCTION 

There are essentially three types of cards: maintenance, issuer,
and user cards. The maintenance card allows the user to access the system
only for diagnostic purposes, but no sensitive data is accessible using the
maintenance card. An issuer card is the topmost card of the security
hierarchy. It enables the issuing program to configure a plurality of
subordinate user cards. In one embodiment, user cards can create subordinate
user cards and allow the user to access peripherals per privileges granted by
the issuer during card configuration. The user cards enable users to access the
secure information on computer 100.

One embodiment of the security hierarchy is shown in FIGURE
8. Box 500 represents an issuer card called the issuing office card. Box 501
is also an issuer card called the security administrator's card. The issuing
office card 500 is used to create the security administrator's card 501, which
in turn creates subordinate user cards represented as the remaining boxes in
FIGURE 8. In this embodiment, the issuing office card 500 may not access
data in computer system 100; its purpose is to create subordinate user cards,
such as cards 510, 530 and 540.

SECURITY ADMINISTRATOR AUTHORIZATION VISIT

The next section of the specification of the present invention
requires a discussion of the information stored on the user card 115 prior to
the first use of the card 115 by a user. A special card issue program is run on
a computer system 100, as shown in FIGURE 1D, which programs the user
card 115 pursuant to ISO 7816 specifications. This programming is typically
done by a security administrator who is responsible for determining the scope
of authorization of the particular user. Such a session is called an
authorization visit.

The card issue program used to conduct an authorization visit
will store in separate registers located on card 115: expiration date of the
card; the code associated with the issuing office; the peripherals which this
particular user may access with this card; a code identifying the card as a
maintenance card, issue card, or user card; the level of authorization of the
user of the card (see the ACCESS HIERARCHY discussion of FIGURE 8,
below); a series of questions used to identify the user, and their associated
answers.

A "first use" register is also dedicated to indicating whether the
card has been used before to allow the system to identify first use. First use
presents an opportunity to configure computer system 100 by storing in RAM
260 sensitive data pertaining to the specific user. In the event the information
on RAM 260 is erased, the first use register indicates that the card 115 was
used at least once and the user will be required to report to the security
administrator to have the card reissued before secure computer system 100
will accept it.

A retry counter register is also programmed during the
authorization visit which contains a value specifying the number of errors a
potential user can make in answering the user identification questions before
the system terminates the verification process. In addition, certain information
is stored in the card automatically under ISO 7816 specification, such as the
type of card which is being used (for example, MICRO CARD® or
GEMPLUS® cards) and the amount of memory available on the particular
card. One skilled in the art would readily recognize
stored on the card be stored in other configurations without materially
modifying the scope and spirit of the present invention. For example, the
number of questions may be varied without materially changing the invention.

QUESTIONS AND ANSWERS USED FOR IDENTIFICATION VERIFICATION

A series of questions are posed in a consistent format, and the
answers are recorded to identify a particular user. For example, one question
the user might be asked is: "What is your favorite color?" The user should
respond with a text string entry which matches the prerecorded answer.
Therefore if the user responds: "Blue", but the answer was prerecorded as
"BLUE", the response will be incorrect and, depending on the value set
in the retry counter, the user may be denied access or allowed to answer
another question. One embodiment of the present invention uses fifteen
questions to identify the user. Such an approach reduces the chance an
unauthorized user can acquire the correct responses through surreptitious
means. It should be obvious that any subcombination of the fifteen questions
may be used for identification purposes. In one embodiment of the present
invention, a random number generator decides the number of questions to ask
(minimum three), and the particular questions selected. However, it is clear
that the number of questions and their selection process may be altered
without materially altering the scope of the present invention.

INITIALIZATION OF THE SECURE COMPUTER SYSTEM

FIGURE 7 shows a flow diagram detailing the procedure by
which the present invention acquires control of the computer for user
identification and verification purposes upon an initialization such as power
up, clear, or warm boot reset. Those skilled in the art will readily appreciate
that minor modifications to the order or exact implementation of the following
steps will not materially modify either the scope or spirit of the present
invention. Upon initialization, at step 704 the standard computer BIOS will
query the computer system to determine the present configuration of the
system. Processor 220 is programmed to monitor and save BIOS routine calls
made by the secure computer system's BIOS during step 704. Control ASIC
230 assists processor 220 in monitoring and memorizing the BIOS routine
calls. The memorized calls are then used as a template for comparison
purposes to ensure that subsequent reboot of the computer system with the
standard operating system conforms with the initial pattern. Such a check
verifies that the system BIOS is, indeed, in control of the subsequent reboot
process. This prevents loading of another system BIOS to bypass the security
system in order to access sensitive data.

As detailed above, the hardware present on card reader
interface board 109 is designed to simulate the presence of a hard drive. At
initialization, CPU 290 executes the standard BIOS routine of loading the first
"one and/or two sectors" from the C: drive. Card reader interface board 109
intercepts the read issued by CPU 290 and directs it to ROM 280. As is
illustrated in FIGURE 6, ROM 280 contains loader program code 610.
Therefore the first one or two sectors of the "C: drive" are read from ROM
280. (Whether one or two sectors are loaded depends on the type of CPU
290, speed of CPU 290, and type of BIOS used by the computer system.)
Loader program code 610 is then executed by CPU 290 to retrieve, at 709, the
remaining "sectors" of ROM 280. Those sectors contain a verification
program (620 of FIGURE 6) used to verify the authorization of the user to
access the system. Control ASIC 230 monitors the loading process, informing
processor 220 at step 712 when the last byte of code is loaded into CPU 290
so that processor 220 is aware that the verification program is about to
execute on CPU 290. Processor 220 then generates, at step 713, unsolicited
card status from card reader 111. Meanwhile, at 714, CPU 290 executes
verification program 620. When unsolicited card status has been retrieved,
processor 220 instructs control ASIC 230 to connect processor 220 to system
bus 292 via data steering network 240, CE 270, and hard drive controller
logic 710 (step 721). Processor 220 then transmits the status of card reader
111 to CPU 290; however, the verification program will loop until unsolicited
card status is received from processor 220 (step 722).

USER AUTHORIZATION VERIFICATION PROCEDURE

At this point, the processor 220 is actually controlling system
bus 292 using handshaking lines, yet processor 220 is responding to requests
made by CPU 290 throughout the execution of the verification program. CPU
290 receives an interrupt indicating that a card was inserted, and whether a
conductive card is present (steps 724 and 728). If no card is present, then a
message to "insert card" is flashed to the operator on display 105 (step 726).
If the card 115 is conductive, then the system bus 292 is frozen and the
verification process is terminated (step 736). If the card 115 is
nonconductive, then power is supplied to the card reader 111 (step 729). Upon
powerup, the card 115 issues an unsolicited reset message which is transferred
to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader
111 by holding the RST signal (224 of FIGURE 3) low (active) for a
specified time as defined by ISO 7816-3, and then raises the signal to indicate
end of reset to card 115. Card 115 issues a reset message to processor 220
via card reader 111 which identifies whether the type of card being used is
MICRO CARD® or GEMPLUS® (per ISO 7816, MICRO CARD® and
GEMPLUS® Technical Manuals) (step 734). If the card 115 is not an
acceptable card, then processor 220 freezes the system bus 292 and terminates
the authorization process (step 736). If the card is accepted as potentially
valid then the verification program determines if the card was issued by the
correct issuing office (step 742). The expiration date is also retrieved from
the card by processor 220, but must be sent to CPU 290 because processor
220 does not have a clock/calendar to compare the expiration date (step 744).
If either of the tests in steps 742 or 744 fails, then system bus 292 is frozen by
processor 220 and the verification process is stopped (step 736). If the card
115 meets the previous tests, then CPU 290 instructs processor 220 to read
several questions and their associated correct responses from the card 115 and
load them into RAM 260 (step 746). In one embodiment of the present
invention, the answers are stored in the secure area of RAM 260 and the
questions, which are nonsensitive, are stored in the open area of RAM 260.
The user is then queried for responses to questions read from card 115 and
must answer the questions correctly to gain access to the computer. The first
question is displayed to the user (step 748), an operator response is received
by CPU 290, formatted, sent to processor 220, and compared by processor
220 with the answers stored in the secure space of RAM 260 (steps 752 and
754). A retry counter located in processor 220 is incremented each time an
error is made in answering the questions, and is preprogrammed by the
security administrator to terminate the verification program if the number of
erroneous responses exceeds the preprogrammed value (steps 758 and 736).
This protection is installed to prevent an unauthorized user of a card from
repeated guesses of the correct answers to the posed questions.

After the last question is asked (step 762) the DES encryption
key is calculated (step 764). In one embodiment of the present invention, the
key is calculated using user unique binary information stored on the card 115
and in the RAM 260. This allows the program to calculate unique keys even
if the key generation equation is identical from user to user, since the inputs
identifying each user will be dependent on the answers given by the user, and
therefore, the calculated key will be unique. Another embodiment of the
present invention will have the verification program prompt the user with an
additional question to assist in the key randomization process. Alternate
embodiments of the present invention could insert such a question at any
point in the verification program prior to the key generation step. In one
embodiment of the present invention, the key generation algorithm is given by
the pseudocode shown in TABLE 1:

TABLE 1

BEGIN:
    read the binary data from card 115 associated
        with the prerecorded questions and answers;
    reduce the binary value by powers of nine;
    store the carries generated in a register to form
        a random number;
    exclusive or the random number generated in the
        previous step with data stored in RAM 260 of secure
        computer system 100 to generate 16 strings of 64 bits,
        which will serve as potential keys for encryption;
    load the sixteen keys into CE 270;
    generate a random number between 1 and 15;
    select one of the sixteen keys using the random
        number;
    use that key for encryption purposes;
END.

However, it will be clear to those skilled in the art that other formulas may be
used without materially modifying the spirit and scope of the present
invention.

After the key is generated, it will be loaded, along with an
encryption table, into the CE 270 (step 772), so that the CE 270 will be ready
for encryption if the test of the loading is passed (step 774). If the table is
not loaded correctly, then the verification program will terminate (step 736).
If the table is loaded correctly, the processor 220 reviews the entire history of
the verification sequence (776) to ensure that all of the required tests have
passed (778) before connecting the system bus 292 to CE 270. If, at
778, all required tests have not passed correctly, the verification program is
terminated at step 736. Otherwise, the CPU 290 will then boot from hard
drive 113 in order to execute the disk operating system for secure computer
100 (step 784). Processor 220 monitors this reboot process using control
ASIC 230 to monitor the BIOS routine calls to ensure that the native system
BIOS is properly rebooting the computer from hard drive 113 (step 786). If
any unauthorized accesses are attempted, system bus 292 is frozen and the
verification program terminates (steps 792 and 736). Unauthorized accesses
include: unauthorized access of peripheral (monitored by bus address monitor
930 on control ASIC 230), and attempts to boot from the A instead of C:
drive (monitored by processor 220), (step 788). If no unauthorized accesses
are detected, the program will allow the user to use disk drive 113 until the
session is terminated by the user via removal of card 115 or system reset (step
794). Once the user is done, system bus 292 will be frozen and the computer
100 must be power cycled (to reset computer 100) before another session can
take place (step 736).
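
The retry counter and the final review of the verification history described above amount to a fail-closed gate: the cipher engine is connected only when every required test is on record as passed, so a skipped test blocks access just as a failed one does. The following C sketch is an added example, not code from the patent; the structure, the function names, the bit layout of the history word and the sample answers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One bit per required test; step numbers are those of FIGURE 7. */
enum {
    T_CARD_NONCONDUCTIVE = 1 << 0, /* step 728 */
    T_CARD_TYPE          = 1 << 1, /* step 734 */
    T_ISSUING_OFFICE     = 1 << 2, /* step 742 */
    T_NOT_EXPIRED        = 1 << 3, /* step 744 */
    T_ANSWERS            = 1 << 4, /* steps 748-762 */
    T_TABLE_LOADED       = 1 << 5, /* step 774 */
    T_REQUIRED           = (1 << 6) - 1
};

struct verifier {
    unsigned history;     /* tests that have passed so far */
    unsigned errors;      /* wrong answers in this session */
    unsigned retry_limit; /* value of the card's retry counter register */
    bool frozen;          /* step 736: bus frozen, power cycle needed */
};

/* Record the outcome of one test; any failure freezes at once. */
void record_test(struct verifier *v, unsigned test, bool passed)
{
    if (v->frozen)
        return;
    if (passed)
        v->history |= test;
    else
        v->frozen = true;
}

/* Exact, case-sensitive match ("Blue" does not match "BLUE"). Scanning the
 * whole stored answer instead of stopping at the first mismatch is an added
 * hardening choice, not something the page specifies. */
bool answers_match(const char *given, const char *stored)
{
    size_t lg = strlen(given), ls = strlen(stored);
    size_t diff = lg ^ ls;
    for (size_t i = 0; i < ls; i++) {
        unsigned char g = i < lg ? (unsigned char)given[i] : 0;
        diff |= (size_t)(g ^ (unsigned char)stored[i]);
    }
    return diff == 0;
}

/* Steps 752-758: compare one response, count errors, enforce the limit. */
bool check_answer(struct verifier *v, const char *given, const char *stored)
{
    if (v->frozen)
        return false;
    if (answers_match(given, stored))
        return true;
    if (++v->errors > v->retry_limit)
        v->frozen = true;
    return false;
}

/* Steps 776/778: connect only if every required test is on record. */
bool connect_cipher_engine(struct verifier *v)
{
    if (v->history != (unsigned)T_REQUIRED)
        v->frozen = true;
    return !v->frozen;
}

#define N_QUESTIONS 3
/* Constructed sample answers standing in for the card's answer registers. */
static const char *const STORED[N_QUESTIONS] = { "BLUE", "golf", "1987" };

/* One session; run_expiry_check=false models a path that skips step 744. */
bool simulate_session(const char *const given[N_QUESTIONS],
                      unsigned retry_limit, bool run_expiry_check)
{
    struct verifier v = { 0 };
    v.retry_limit = retry_limit;
    record_test(&v, T_CARD_NONCONDUCTIVE, true);
    record_test(&v, T_CARD_TYPE, true);
    record_test(&v, T_ISSUING_OFFICE, true);
    if (run_expiry_check)
        record_test(&v, T_NOT_EXPIRED, true);
    for (size_t i = 0; i < N_QUESTIONS; i++)
        check_answer(&v, given[i], STORED[i]);
    record_test(&v, T_ANSWERS, true);     /* ignored once frozen */
    record_test(&v, T_TABLE_LOADED, true);
    return connect_cipher_engine(&v);
}

int main(void)
{
    const char *const good[N_QUESTIONS] = { "BLUE", "golf", "1987" };
    printf("all tests on record:  %d\n", simulate_session(good, 0, true));
    printf("expiry check skipped: %d\n", simulate_session(good, 0, false));
    return 0;
}
```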

ACCESS HIERARCHY

FIGURE 8 shows one embodiment of a hierarchy of secured
access codes among a multiuser organization. The present invention teaches a
hierarchy coding method used to generate families of access codes which
permit horizontal and vertical segregation of access codes within an access
hierarchy. As shown in FIGURE 8, the access code is designed to allow a
superior of a subordinate user access to the computer of the subordinate, but
only if the superior has access in the same vertical portion of the user
hierarchy. For example, referring to FIGURE 8, user 520 cannot access the
information on user 510's computer (520 is subordinate to 510), but can
access the information on the computers of users 522. However, user 520 has
no access authority over user 550 (no horizontal access privilege), nor does
user 520 have access authority over users 552 (lacking vertical commonality).
A benefit of such organizations of key information is that accessing may be
limited in an organized and restricted hierarchy. For example, if somehow
security is compromised in the middle branch of FIGURE 8, then the left and
right branches are not compromised.

A vast array of users may therefore be accommodated easily
within the hierarchy shown in FIGURE 8 by dedicating access code words to
each level. In one such embodiment, sixty-four (64) bits are allocated to the
access code word describing 510 level, allowing 2^64 unique codes at 510 level;
sixty-four (64) bits are allocated to the access code word describing level 520,
allowing 2^64 unique codes at the 520 level; and sixty-four (64) bits are
allocated to the access code word describing level 522, allowing 2^64 unique
codes at the 522 level. These bits may be stored on card 115 in dedicated
registers and assigned by the security administrator during the authorization
visit.

The horizontal separation of users may be easily attained by
including an extra question in the list of queries posed and answered during
the verification program execution. An answer could be predetermined which
would be common among all users in a common vertical group, and which
would segregate them from other users in other vertical groups. For example,
each individual vertical group would be identified by a unique, predetermined
response to the same question. The response could be mapped to a binary
number, which could serve as a consistent offset for purposes of generating
the access code. For example, if a question asked for a favorite sport, the
response "golf" could be used by all members of a particular vertical group to
identify their group.

In one embodiment of the present invention, fifteen (15)
questions are used to identify the user; an extra question is used to identify
the particular vertical branch of the access tree the user resides. These
questions are employed to select the DES encryption keys available to the
user. In this way, the DES encryption key questions serve as a further
randomization of the access code which is user dependent.

Essentially, access information is distributed between the user
(in the preprogrammed responses generated by that user), the card 115
(programmed when the individual is given access authority), and RAM 260
stored on card reader controller board 109. Therefore, in one embodiment of
the invention, the access code is a combination of the user, the card, and the
computer which the user uses. This provides for a high level of security for
the entire system, and requires that the user be re-authorized by the security
administrator every time the user's access privileges are lost due to incorrect
or improper attempted access. In this way, security administrators can control
the access attempts by the users since they are informed each time a potential
security breach is encountered; users must be re-authorized if the
identification information in RAM 260 is destroyed by attempted unauthorized
access.

DESTRUCTION OF DATA

Logical destruction of the data resident on the various memory
storage devices found on the computer system may be preprogrammed to
occur after a fixed number of failed attempted accesses (see FIGURE 7
discussion of retry counter, step 758). In one embodiment, board 109 goes
further and freezes the system bus 292 to prevent unauthorized retrieval of
sensitive information following detection of a potential security breach. The
data stored in hard drive 113 is logically destroyed when the DES encryption
key is erased since the key cannot be reconstructed by the intruder.
Therefore, if the key information in RAM 260 is destroyed, it is equivalent to
rendering the data stored in hard drive 113 logically destroyed, since without
the encryption key it is undecipherable. In one embodiment of the present
invention, the DES key kernel information stored on RAM 260 is destroyed
by clearing RAM 260 using an algorithm executed by processor 220 upon
detection of attempted unauthorized access, or by grounding the power pin of
RAM 260 using transistor circuit 210 as described in the section LOGICAL &
PHYSICAL DESTRUCT HARDWARE, above. A further hurdle requires that
any user whose card 115 is invalidated by unauthorized access visit the
security administrator to get their card reinstated. Physical destruction of the
data storage media is also possible by asserting physical destruct signal 212
generated by control ASIC 230 under control of processor 220 in the event of
a breach, triggering destruct package 213 designed to physically destroy the
hard drive 113 and RAM 260.

Alternate embodiments of the destruction means of the present
invention are also possible. In one embodiment, the selection of destruction
means and the process by which the destruction methods are invoked are
programmed by altering the code in the internal ROM of processor 220 or by
varying the value of retries allowable on the register of card 115. Therefore,
one embodiment of the present invention is not limiting and does not
materially limit the scope of present invention.

FIGURE 9 illustrates one embodiment of the present invention
showing a card reader receptacle 820 mounted with a hard drive 810 to
facilitate physical mounting of the card reader and a reside For
example, a hard drive 113 can be co-located with a card reader 111 to form a
single unit comprising a secured disk drive as This
mounting scheme illustrates only one of several possible embodiments of the
mechanical mounting of the card reader receptacle 820 in the present
invention. Other embodiments illustrating the
reader receptacle 820 are possible without materially modifying the scope of
the present invention.

Those skilled in the art will readily see that the present
invention offers several benefits over other devices including but not limited
to the ability of one embodiment to provide three levels of computer security.
For instance, one embodiment of the present invention provides security in
three distinct ways:

(1) immediately asserting control of the computer system upon
initialization in the form of preboot protection, since the card reader interface
board simulates the C: drive loader code before an intruder can interrupt the
system and thereby immediately takes control of the CPU;

(2) after preboot control is acquired a user verification program is
executed to ensure that the user is authorized to access the computer; and

(3) ongoing monitoring of computer activity as the computer system is
in use, to detect attempted unauthorized accesses using a bus address monitor
and destroy sensitive program and encryption key information before an
intruder can break into the system.

Those skilled in the art will readily appreciate that the scope of
the present invention is not restricted to securing personal computers, but may
be extended to securing other types of computer systems (larger or smaller) or
specific peripherals of both small and large computer systems. Additionally,
the present invention may be employed to secure the digital data stored on
any system which stores sensitive digital information.

The present invention discloses the use of the card reader
interface board 109 in conjunction with hard drive 113. It should be apparent,
however, that the same type of security could be applied advantageously to
control the contents of other nonvolatile memory such as a compact disc (CD)
ROM system, Personal Computer Memory Card International Association card
(PCMCIA card), or streaming tape backup unit. Indeed, the present invention
can be applied advantageously to control access to any peripheral which could
be connected to a computer system. For instance, the present invention could
be applied to secure subsections of mass storage devices, such as partitioned
hard drives or PBX switches. Alternate encryption methods, larger or smaller
data and address buses, alternate integrated circuit cards and readers, and
modifications to the control algorithms employed in the present invention may
also be used without materially altering the scope and spirit of present
invention.

It is to be understood, however, that even though numerous
characteristics and advantages of the invention have been set forth in the
foregoing description, together with details of the structure and function of the
invention, the disclosure is illustrative only, and changes may be made in
detail, especially matters of shape, size, and arrangement of parts within the
principles of the invention, to the full extent indicated by the broad general
meaning of the terms in which the appended claims are expressed.

What is claimed is:

1. A mefliod of operatiiig a conqjuter, cx^npising the stqps of: 
a) prior to boot, acqiriring control of the CPU; 

5 b) loading a verification program; 

c) verifying that the user is authorized using the verification program; 

d) prohibiting access to die conputer if the user is not authorized; 

and 

e) providing access to tfie conpit^ if the user is authorized, 
10 conpising the steps of: 

1) monitoring bus accesses to detect if a user is attenpting to 
read or ^te to an unauthorized peripheral; and 

2) destroying msmxy contoits if unauthorized attend at 
access are detected 

15 

2. A method of protecting information stored in nonvolatile memory of a computer system having a system bus, comprising the steps of:

a) providing a plurality of sources of identification information for identifying an authorized user;

b) restricting access to the computer system by the steps of:

1) performing preboot control of the computer,

2) loading a verification program;

3) reading identification information from the plurality of sources;

4) comparing the identification information read from the plurality of sources to verify the authorization of the user;

c) if the user is an authorized user, providing access to the computer by the steps of:

1) allowing access to the computer system;

2) constructing an encryption key from the plurality of sources; and

3) encrypting the information stored in the nonvolatile memory using the constructed encryption key; and

d) if the user is not authorized, freezing the system bus such that another attempt to access the computer system requires a powerdown to reset the computer system.

3. The method according to claim 2, wherein the step of providing a plurality of sources includes the step of providing identification information from an integrated circuit card, identification information input from a user, and identification information resident in the computer system.

4. A method of protecting information stored in nonvolatile memory of a computer system, the computer system having a central processing unit (CPU), the method comprising the steps of:

a) providing a computer system with an interface board with a resident verification program and a loader program for loading the verification program;

b) restricting access to the nonvolatile memory, wherein the step of restricting access includes the steps of:

1) controlling the computer system central processing unit (CPU) during initialization and prior to booting the computer, wherein the step of controlling comprises the steps of:

a. monitoring and storing BIOS calls made by the CPU during the loading of the verification program;

b. initiating an initialization of the computer system;

c. simulating a boot disk such that the CPU loads the loader program;

d. executing the loader program;

e. loading the verification program; and

f. executing the verification program, wherein said program verifies the identity of the user; and

2) if the user is verified as an authorized user, allowing access by the steps of:

a. providing access to the nonvolatile memory;

b. booting the computer system from the nonvolatile memory;

c. monitoring and storing BIOS calls made by the CPU during the booting step; and

d. detecting logical accesses which could compromise the security of information stored in the nonvolatile memory, wherein the step of detecting logical accesses includes the steps of:

1. comparing BIOS calls stored during the loading step with BIOS calls generated during the booting step; and

2. if BIOS calls do not match, freezing the system bus, requiring a power cycle of the computer system to reset the computer system.

5. The method of claim 4, wherein the method further comprises the steps of:

constructing a unique encryption key obtained from a plurality of sources; and

encrypting information stored to the nonvolatile memory using the encryption key;

and wherein the step 4.2.d2 of freezing the system bus comprises the step of logically destroying the data stored in the nonvolatile memory by destroying the encryption key.

6. The method of claim 4, wherein the step 4.2.d2 of freezing the system bus comprises the step of physically destroying the nonvolatile memory, thereby destroying the data stored in the nonvolatile memory.

7. The method of claim 4 wherein the step of detecting unauthorized logical accesses comprises detecting unauthorized peripheral accesses.

8. A secure computer system for controlling a user's access to confidential information stored in nonvolatile memory, the system comprising:

a) a system bus;

b) a central processing unit (CPU);

c) an identification card, containing identification information for identifying authorized users of the computer system;

d) a card reader for reading identification information from the identification card; and

e) a card reader interface, connected to the system bus, wherein the interface operates to assume control of the CPU upon initialization of the computer system, the interface comprising:

1) a dedicated data bus for communications with the nonvolatile memory;

2) a dedicated data bus for communications with the card reader;

3) a verification program to be executed by the CPU for limiting access to the nonvolatile memory to only authorized users;

4) a memory storage device for storing user-specific information;

5) an encryption system which encrypts the data stored to the nonvolatile memory using an encryption key constructed from data on the identification card, data in the memory storage device, and inputs from the user;

6) an input/output bus address monitor circuit for detecting attempts to bypass the verification program; and

7) a memory erasing circuit for destroying encryption information stored in the memory storage device if an unauthorized access is detected by the interface.

9. A method for protecting information stored in nonvolatile memory of a computer, the method comprising the steps of:

a) providing means for interfacing an information bearing card to the computer;

b) storing individualized questions and answers which uniquely identify a user on the information bearing card;

c) reading identification information and card information from the information bearing card;

d) executing a verification routine upon initialization in order to determine whether the user is authorized to gain access to the protected information stored in the nonvolatile memory, wherein the verification routine comprises asking the user the individualized questions and comparing answers received against the stored answers; and

e) if the user correctly answers the questions, permitting access to portions of the protected information stored in the nonvolatile memory.

10. The method according to claim 9, further comprising the step of: if the user does not correctly answer the questions, freezing the computer and requiring that the computer power be cycled to reset the computer.



11. The method according to claim 9 further comprising the step of programming the information bearing card with individualized access privilege information to identify which nonvolatile memory devices the user is privileged to access.



12. The method according to claim %, wherein the step of permitting access comprises the steps of:

a) verifying that the user is privileged to access the information stored in a first storage device; and

b) if the user is privileged to access the information stored in the first storage device, permitting access to the protected information stored on the first storage device.

13. The method according to claim 11 further

user attempts to access information from an unprivileged storage device, freezing the computer and forcing the user to reset the computer system and begin authorization verification again.

14. The method according to claim 9, wherein the step of reading further comprises the step of incrementing a retry counter if the user incorrectly answers a question, and waiting for a subsequent user response if the retry counter has not reached a predetermined value, otherwise terminating the authorization procedure.

15. The method according to claim 9, wherein the step of reading further comprises the steps of:

a) reading a card identification code from the card indicating card type;

b) determining a card type from the card identification code; and

c) if the card is a maintenance card, allowing a user access to the computer for maintenance purposes, without allowing access to the nonvolatile memory of the computer.

16. A secure computer providing for the controlled access of internal devices via a card reader, the computer comprising:

a user input device;

a card reader;

a screen display;

a central processing unit (CPU);

a device containing nonvolatile CPU program code;

a CPU system boot ROM;

a plurality of peripheral devices;

a system data bus;

a microprocessor for writing and reading information to and from a card placed in the card reader, the microprocessor and the CPU connected through a dedicated data bus;

an encryption engine;

a volatile memory device for storing data retrieved from the card by the microprocessor;

said CPU system boot ROM including code for instructing the CPU to start executing the CPU program code in the device so that the CPU program code in the device takes over control of the CPU, so that upon a power-up, clear, or warm-boot reset of the computer the CPU program code in the device obtains control of the CPU; and

said CPU responsive to said CPU program code, to perform an authorization verification procedure comprising the steps of:

a) instructing the microprocessor to read a card placed in the card reader by a user and obtain at least one question from a list of questions stored in the card;

b) displaying the question to the user on the screen display, and waiting for a response from the user on the input device;

c) passing the response to the microprocessor and the microprocessor comparing at least one user response to a list of correct answers stored on the card;

d) receiving the results of the comparison by the microprocessor and allowing access to the computer if at least one user response matches a corresponding correct answer;

e) generating an encryption key from data on the card, data stored in volatile memory device, and responses received by the user; and

f) encrypting all data stored to the plurality of peripherals using the encryption key.

17. The computer of claim 16 further comprising:

a security circuit for monitoring attempted unauthorized accesses of the computer; and

a logical destruct circuit, connected to the security circuit, for destroying data in the volatile memory device if unauthorized access is detected by at least one of the microprocessor and the security circuit;

and wherein the microprocessor performs the steps comprising:

monitoring and storing CPU BIOS routine calls during the authorization verification procedure;

monitoring and comparing the CPU BIOS routine calls during the rebooting process to detect control of the system data bus by another program; and

if the BIOS calls stored during the authorization verification procedure do not match the BIOS calls monitored during the rebooting process, then logically destroying the data in the volatile memory device; and

wherein the CPU performs the additional step of incrementing the value of a retry counter if the user incorrectly answers a question, and waiting for a subsequent user response if the value of the retry counter is less than a predetermined value, otherwise terminating the authorization procedure.

18. The computer of claim 17 wherein the computer further comprises one or more physical destruct mechanisms logically connected to the microprocessor for physically destroying data on at least one of the plurality of peripheral devices.

19. The computer of claim 17 further comprising a physical destruct output and physical destruct package, the output for triggering the physical destruction of the secure computer by computer control upon attempted unauthorized access.

20. The computer of claim 17 wherein the key information is generated from data stored on the card, in the volatile memory device, and from responses entered in by a user during the verification procedure.
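
As an added illustration (not code from the patent), the following models the key construction recited in claims 3, 5, 8 and 20 and the logical destruct of claim 5, where destroying one key component makes the stored ciphertext unrecoverable. The class and function names, the use of PBKDF2 to combine the three sources, and the HMAC-SHA-256 keystream standing in for the encryption engine are all assumptions.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA-256 in counter mode: a stand-in for the encryption engine.
    blocks = (_prf(key, nonce + i.to_bytes(8, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified data")
    stream = _keystream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

class InterfaceBoard:
    """Hypothetical model of the interface board's key handling."""

    def __init__(self) -> None:
        # Resident secret: stands in for the battery-backed memory storage device.
        self._resident = bytearray(secrets.token_bytes(32))

    def build_key(self, card_secret: bytes, answers: list[str]) -> bytes:
        if not any(self._resident):
            raise PermissionError("resident key material has been destroyed")
        # Length-prefix every field so ("ab", "c") and ("a", "bc") differ.
        fields = [card_secret] + [a.strip().lower().encode() for a in answers]
        material = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        # Stretch the low-entropy answers; the resident secret acts as the salt.
        return hashlib.pbkdf2_hmac("sha256", material, bytes(self._resident), 100_000)

    def logical_destruct(self) -> None:
        # Zeroize in place: nothing on the card or from the user can rebuild the key.
        self._resident[:] = bytes(len(self._resident))
```

Because the resident secret never leaves the board, a stolen card plus the correct answers is still not enough to rebuild the key on another machine, and zeroizing that one value is sufficient to deny access to everything encrypted under it.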